“ Zilla Plus gave us exactly what we needed—secure, Kafka-native connectivity to our private MSK clusters from anywhere, without compromising security or building custom integrations. It’s accelerated our project delivery and simplified how we connect critical business systems across our ecosystem.”
-Karthik Rajendran | Platform Owner – AWS Cloud Integration/Data Movement, KONE
Challenge
KONE, a global leader in elevator and escalator manufacturing and services, needed to securely expose its Amazon Managed Streaming for Apache Kafka (MSK) clusters to external systems over the internet.
Their MSK clusters were intentionally kept in private subnets to reduce security risks, but many producer and consumer applications—such as SAP BTP IS (Integration Suite), Salesforce CRM, EWA (Engineering Workflow Application), R&D AWS applications, PLM, GoodSign, PIP, and E2Open—were hosted outside KONE’s internal network. This included vendor and supplier applications that required secure, reliable data exchange with MSK.
Before adopting MSK, KONE ran Kafka on-premises and never exposed it to the internet. Migrating to MSK created a need to connect cloud and third-party applications without compromising security. The main challenge: enabling internet access to MSK without placing brokers in public subnets, which would have posed significant security threats.
Solution
KONE discovered Aklivity’s Zilla Plus while researching how to securely expose private MSK clusters to internet consumers. Zilla Plus, available via the AWS Marketplace, provided the critical capability they were looking for: mutual TLS authentication for external MSK clients.
With Zilla Plus acting as a Kafka-native proxy, KONE could:
- Keep MSK clusters in private subnets.
- Authenticate and authorize internet clients via mTLS.
- Avoid building custom publisher and subscriber applications in their integration layer.
Implementation was streamlined using KONE’s existing CI/CD pipelines. Zilla Plus became a core part of their integration platform, enabling bi-directional data flows between SAP, third-party vendor systems, and MSK without exposing sensitive infrastructure.
Results
With Zilla Plus, KONE has been able to:
- Securely connect MSK from anywhere without placing brokers in public subnets.
- Accelerate integration delivery—cutting time-to-market for projects involving external data consumers.
- Reduce development overhead by eliminating the need for custom publisher/subscriber applications in the integration layer.
This approach enables KONE to support a wide range of business-critical integrations, including SAP-driven financial, supply chain, and R&D data flows, while maintaining robust security controls.
